[wp-hackers] Possible security patch
ian at themeshaper.com
Mon Dec 7 17:38:54 UTC 2009
I still think using a sanitized display name like, 'My Display Name'
becoming 'my-display-name', instead of using a sanitized login name would be
simpler. It would cover the classes and nice-looking URLs wouldn't it? And
it would give users the choice I imagine they think they're getting about
what to reveal in classes and URLs when they choose their display name.
On Mon, Dec 7, 2009 at 11:22 AM, Dre Feeds <feeds at armeda.com> wrote:
> Mark Jaquith wrote:
>>> I think I have a better method of tackling this issue: We now prompt
>>> the user in the wp-admin when they are using the default install
>>> password or a reset password. What about if we do a similar prompt if
>>> "admin" is the only user on the blog, suggesting that they create a
>>> second user name and use THAT for posting?
>> What about simply asking the user about renaming 'admin' to something more
> What about a second built-in account specifically built for posting and
> simply asking the user to rename this account. I think we separate them all
> together so there is no confusion.
> Dre Armeda
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers